Privilege Escalation
== Introduction ==
Privilege escalation is a type of malicious action where the attacker either gains the same level of user privileges on a system as a legitimate user, or breaks into a system and obtains higher privileges than those of the legitimate user.<ref>http://searchsecurity.techtarget.com/definition/privilege-escalation-attack</ref> It is not always meant just to gain higher privileges on a system; attackers can also use privilege escalation to move around networks with minimal restrictions and steal data or commit other malicious actions such as weakening security, installing additional malware and altering system and network configurations.<ref>https://www.tomsguide.com/us/privilege-escalation,review-1983.html</ref>

Most operating systems allow users to configure access control policies that limit what a user can do on their computer and on the network. Therefore, in many cases the attacker will most likely have to elevate their privileges on the targeted system in order to carry out their attack. If an attacker can access the operating system's kernel, it gives them the highest level of control over the targeted system and lets them elevate their privileges significantly. This is why the kernel is such a desirable target for remote attackers.<ref>https://azeria-labs.com/privilege-escalation/</ref>

__TOC__

== Types of Privilege Escalation ==
There are two types of privilege escalation: horizontal and vertical.

=== Horizontal Privilege Escalation ===
This type of attack grants the attacker the same level of access rights as the victim, allowing them to see and do everything the legitimate user is allowed to do. This can allow the attacker to gather more information about the network the victim is on, and if the attack was targeted at that specific individual, the attacker can commit the malicious acts they planned against the victim.<ref>https://www.icann.org/news/blog/what-is-privilege-escalation</ref>
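The distinction between the two types, as an added example that is not part of the original page: the Python module below implements the two checks a system needs so that neither kind of escalation is possible, an object-level check (a user may only read their own records, so one ordinary user cannot act as another) and a role-level check (only an administrator may change security settings). Denied attempts are recorded so they can be reviewed. The roles, users and records are constructed, and the two-level role ordering is an assumption.

```python
"""Authorization checks that separate horizontal from vertical escalation.

Added example for this page; the roles, principals and records below are
constructed, and the two-level role ordering is an assumption.
"""

from dataclasses import dataclass
from enum import IntEnum


class Role(IntEnum):
    """Ordered privilege levels: a higher value means more rights."""
    USER = 1
    ADMIN = 2


@dataclass(frozen=True)
class Principal:
    name: str
    role: Role


@dataclass(frozen=True)
class Record:
    owner: str
    data: str


class AccessDenied(Exception):
    def __init__(self, kind: str, detail: str):
        super().__init__(f"{kind}: {detail}")
        self.kind = kind  # "horizontal" or "vertical"


# Denied attempts are recorded here so a defender can review them; in a
# real system this would be an audit log, not an in-memory list.
AUDIT_LOG = []


def read_record(actor: Principal, record: Record) -> str:
    """Object-level check: a USER may read only records they own.

    Two USER accounts are peers, so one reading the other's record is
    horizontal escalation. ADMIN may read any record (policy assumption).
    """
    if actor.role < Role.ADMIN and actor.name != record.owner:
        raise AccessDenied("horizontal", f"{actor.name} does not own the record of {record.owner}")
    return record.data


def set_security_setting(actor: Principal, settings: dict, key: str, value: str) -> dict:
    """Role-level check: only ADMIN may change security settings.

    A USER doing this would gain rights above their own level, which is
    vertical escalation.
    """
    if actor.role < Role.ADMIN:
        raise AccessDenied("vertical", f"{actor.name} lacks the {Role.ADMIN.name} role")
    settings[key] = value
    return settings


def attempt(action, *args) -> str:
    """Run an action; return 'ok' or the kind of escalation that was blocked."""
    try:
        action(*args)
        return "ok"
    except AccessDenied as exc:
        AUDIT_LOG.append(str(exc))
        return exc.kind


# Constructed principals and data for the demonstration.
ALICE = Principal("alice", Role.USER)
BOB = Principal("bob", Role.USER)
ROOT = Principal("root", Role.ADMIN)
BOBS_RECORD = Record(owner="bob", data="bob's private notes")


def demo() -> dict:
    """Exercise the four cases and return the outcome of each."""
    settings = {"firewall": "on"}
    return {
        "bob reads own record": attempt(read_record, BOB, BOBS_RECORD),
        "alice reads bob's record": attempt(read_record, ALICE, BOBS_RECORD),
        "alice disables firewall": attempt(set_security_setting, ALICE, settings, "firewall", "off"),
        "root disables firewall": attempt(set_security_setting, ROOT, settings, "firewall", "off"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
    print("denied attempts logged:", AUDIT_LOG)
```

Both checks are needed: the role check alone would still let alice read bob's record (horizontal), and the ownership check alone would still let alice change the firewall setting if that function had no role check (vertical).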
If the user is an administrator or has administrative rights, then the attacker may not have to elevate their privileges further. The attacker can also try to alter that user's system configuration, weakening its security in order to install malware onto the device and leave it vulnerable to a later attack.

=== Vertical Privilege Escalation ===
This attack, also referred to as jailbreaking, is when the attacker obtains higher privileges than those of the victim. This can be achieved by accessing an administrative account or getting into the kernel of the operating system.<ref>https://outpost24.com/vertical-privilege-escalation</ref> This is a more severe attack than horizontal privilege escalation because the level of control the attacker gains can be very high. The attacker can lower the system's security; access, manipulate and steal data; move freely through a network; alter system configurations to the attacker's advantage; install malware; and alter user account settings.

== How Privilege Escalation is Performed ==
There are a number of ways that privilege escalation can be achieved, depending on the systems, the users and the goal of the attack.

=== Getting a Dump of the SAM File ===
The SAM file is where Windows stores its passwords, and obtaining a readable copy of the SAM file will reveal credentials that the attacker can use to try to gain access to a user's system or to find credentials linked to an administrative account.

=== Social Engineering ===
Social engineering can be used to trick the user into giving away credentials to their system or running malware that steals credentials or creates a backdoor for the attacker to gain access to the system. This is not always the best approach, as there are a number of security barriers the attacker may have to get through to achieve privilege escalation.

=== Weak Process Permissions ===
The attacker can take advantage of some processes running on a system, particularly ones run by an administrator.
The attacker could inject malicious code into the desired process and try to obtain the privileges related to that process.

== References ==
<references />

[[Category:Cyber Attacks]]
[[Category:Glossary]]
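For the weak process permissions case above, as an added example that is not part of the original page and written from the defender's side: an audit that flags processes running under a privileged account whose executable, or the directory containing it, can be written by a low-privileged group. Such a process lets an ordinary user change the code that will run with the higher privilege, which is the vertical escalation the section describes; the remedy is to remove those write rights. The process inventory, account names and ACL entries are constructed (not collected from a real host), the sets of privileged accounts and low-privileged principals are assumptions, and the rights codes follow the icacls abbreviations (F full, M modify, W write, RX read and execute).

```python
"""Audit for privileged processes whose code can be altered by low-privileged users.

Added example for this page; the process inventory, account names and ACL
entries are constructed (not collected from a real host), and the sets of
privileged accounts and low-privileged principals are assumptions. Rights
codes follow the icacls abbreviations (F full, M modify, W write, RX read
and execute).
"""

from dataclasses import dataclass

# Assumption: processes running as these accounts are high-privilege targets.
PRIVILEGED_ACCOUNTS = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators"}
# Assumption: principals that every ordinary user of the machine belongs to.
LOW_PRIV_PRINCIPALS = {"Everyone", "BUILTIN\\Users", "NT AUTHORITY\\Authenticated Users"}
# Rights that allow changing the executable or the files next to it.
WRITE_RIGHTS = {"F", "M", "W"}


@dataclass(frozen=True)
class Ace:
    principal: str
    rights: frozenset  # set of rights codes such as {"F"} or {"RX"}


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    runs_as: str
    image_acl: tuple  # Aces on the executable itself
    dir_acl: tuple    # Aces on the directory that contains it


def weak_writers(acl) -> list:
    """Low-privileged principals holding a write-capable right on the object."""
    return sorted(ace.principal for ace in acl
                  if ace.principal in LOW_PRIV_PRINCIPALS and ace.rights & WRITE_RIGHTS)


def audit(processes) -> list:
    """Return one finding per privileged process a low-privileged user could tamper with.

    A writable image lets the binary be replaced; a writable directory lets
    files the process loads from beside it be planted or replaced. Either
    way, code chosen by the low-privileged user runs under the process's
    account: vertical privilege escalation.
    """
    findings = []
    for proc in processes:
        if proc.runs_as not in PRIVILEGED_ACCOUNTS:
            continue  # an unprivileged process gives nothing to escalate to
        image_w = weak_writers(proc.image_acl)
        dir_w = weak_writers(proc.dir_acl)
        if image_w or dir_w:
            findings.append({
                "pid": proc.pid,
                "image": proc.image,
                "runs_as": proc.runs_as,
                "image_writable_by": image_w,
                "dir_writable_by": dir_w,
                "fix": "remove write rights for these principals; only administrators "
                       "should be able to modify a privileged binary or its directory",
            })
    return findings


def rights(*codes) -> frozenset:
    """Build a rights set from icacls-style codes, e.g. rights('RX')."""
    return frozenset(codes)


SYSTEM, ADMINS, USERS = "NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators", "BUILTIN\\Users"
# A hardened ACL: only SYSTEM and administrators can write; users may only read and execute.
HARDENED = (Ace(SYSTEM, rights("F")), Ace(ADMINS, rights("F")), Ace(USERS, rights("RX")))

# Constructed inventory, standing in for what a collector on the host would gather.
SAMPLE_PROCESSES = (
    Process(412, r"C:\Program Files\Backup\agent.exe", SYSTEM, HARDENED, HARDENED),
    Process(988, r"C:\Tools\updater.exe", SYSTEM, HARDENED,
            HARDENED + (Ace("Everyone", rights("M")),)),          # directory writable by Everyone
    Process(1502, r"C:\Users\alice\notes.exe", "HOST\\alice",
            (Ace("HOST\\alice", rights("F")),), (Ace("HOST\\alice", rights("F")),)),
    Process(2040, r"C:\Svc\monitor.exe", ADMINS,
            HARDENED + (Ace(USERS, rights("W")),), HARDENED),     # binary writable by Users
)


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROCESSES):
        print(finding)
```

On a real host the inventory would come from the process list together with the file and directory ACLs of each image; the audit logic stays the same, and any finding should be fixed by tightening the ACL rather than by moving the process to a lower-privileged account only when that is operationally possible.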